Jomaxro

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to 2026.3.0-latest.1 Discourse versions prior to 2026.2.1 Discourse versions prior to 2026.1.2 **Description** Discourse is an open-source discussion platform. An authorization bypass in the poll plugin allowed authenticated users to perform actions on polls they were not authorized to access. This included voting, removing votes, and changing the open/closed status of polls. The issue occurred because the authorization check and poll lookup used different resolutions when the `post id` parameter was passed as an array (e.g., `post id[]=&post id[]=`). This affected the following API endpoints within the `DiscoursePoll::PollsController`: - `/vote` - `/remove vote` - `/toggle status` The `post id` parameter is a vulnerable parameter. **Recommendations** Update Discourse to version 2026.3.0-latest.1 or later. Update Discourse to version 2026.2.1 or later. Update Discourse to version 2026.1.2 or later.

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to 2026.3.0-latest.1 Discourse versions prior to 2026.2.1 Discourse versions prior to 2026.1.2 **Description** Discourse, an open-source discussion platform, is affected by a potential stored Cross-Site Scripting (XSS) issue in topic titles within the solved posts stream. This allows for the injection of malicious scripts that can be executed in the context of other users' browsers. **Recommendations** Update to Discourse version 2026.3.0-latest.1 or later. Update to Discourse version 2026.2.1 or later. Update to Discourse version 2026.1.2 or later. Ensure the Content Security Policy is enabled and has not been modified in a way that increases vulnerability to XSS attacks.

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to 2026.3.0-latest.1 Discourse versions prior to 2026.2.1 Discourse versions prior to 2026.1.2 **Description** Discourse is an open-source discussion platform. Insufficient authorization checks in the `user actions` API endpoint allowed a user to access another user's private activity. The `user actions` endpoint is vulnerable, potentially exposing private user data. The vulnerable parameter is not specified. **Recommendations** Update Discourse to version 2026.3.0-latest.1 or later. Update Discourse to version 2026.2.1 or later. Update Discourse to version 2026.1.2 or later.

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to 2026.3.0-latest.1 Discourse versions prior to 2026.2.1 Discourse versions prior to 2026.1.2 **Description** Discourse is an open-source discussion platform. The `ComposerController#mentions` API endpoint reveals hidden group membership to any authenticated user who can message the group. By supplying `allowed names` referencing a hidden-membership group and probing arbitrary usernames, an attacker can infer membership based on whether `user reasons` returns "private" for a given user. This bypasses group member-visibility controls. **Recommendations** Restrict the messageable policy of any hidden-membership group to staff or group members only, so untrusted users cannot reach the vulnerable code path.

**Nome do Software Vulnerável e Versões Afetadas** Versões do Discourse anteriores à versão mais recente do núcleo do Discourse **Descrição** O Discourse é uma plataforma de código aberto para discussão em comunidade. Em versões afetadas, com certas combinações de plugins e com o CSP desativado, os fluxos de atividade na página de perfil do usuário podem ser vulneráveis a XSS. **Recomendações** Para versões anteriores à versão mais recente do núcleo do Discourse, atualize para a versão mais recente do núcleo do Discourse. Para usuários que não possam atualizar, assegure-se de que o CSP esteja habilitado.

**Nome do Software Vulnerável e Versões Afetadas** Versões do Discourse anteriores à versão mais recente **Descrição** O problema afeta usuários que desativam o chat nas preferências, mas que, em alguns casos, ainda poderiam ser alcançados. O número estimado de dispositivos potencialmente afetados em todo o mundo não está disponível. Não há informações sobre incidentes no mundo real onde este problema foi explorado. **Recomendações** Para versões anteriores à versão mais recente, atualize para a versão mais recente do Discourse. Como solução temporária para usuários que não possam atualizar, desative o plugin de chat nas configurações do site.

**Nome do Software Vulnerável e Versões Afetadas** Discourse (versões afetadas não especificadas) **Descrição** A vulnerabilidade permite que um atacante execute código JavaScript arbitrário nos navegadores dos usuários ao postar uma URL Onebox maliciosamente elaborada. Este problema afeta apenas sites com a Política de Segurança de Conteúdo (CSP) desativada. O número estimado de dispositivos potencialmente afetados em todo o mundo não está disponível. Não há informações sobre incidentes reais onde essa vulnerabilidade foi explorada. Os detalhes técnicos sobre a exploração incluem o uso de uma URL Onebox maliciosa para executar código JavaScript arbitrário. **Recomendações** Para todas as versões afetadas, atualize para a versão mais recente do Discourse para resolver o problema. Como solução temporária, considere habilitar a CSP, desativar Oneboxes inline globalmente ou permitir domínios específicos para Oneboxing até que o problema seja resolvido.

**Nome do Software Vulnerável e Versões Afetadas** Discourse AI (versões afetadas não especificadas) **Descrição** O problema diz respeito ao plugin Discourse AI, que oferece recursos de IA. Ao compartilhar conversas do Bot Discourse AI em posts, entidades HTML da conversa podem vazar para a aplicação Discourse caso um usuário visite um post com um onebox para essa conversa. Este problema foi resolvido no commit `92f122c`. **Recomendações** Para todas as versões afetadas, atualize para uma versão que inclua a correção do commit `92f122c`. Como medida temporária para usuários impossibilitados de atualizar, remova todos os grupos da configuração do site `ai bot public sharing allowed groups`.

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to 3.1.3 Discourse version 3.2.0.beta3 and earlier in the `beta` and `tests-passed` branches **Description** Discourse is an open source platform for community discussion. The embedding feature is susceptible to server side request forgery. As a workaround, disable the Embedding feature. **Recommendations** For versions prior to 3.1.3, update to version 3.1.3 or later. For version 3.2.0.beta3 and earlier in the `beta` and `tests-passed` branches, update to version 3.2.0.beta3 or later. As a temporary workaround, consider disabling the Embedding feature until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to 3.1.1 Discourse versions prior to 3.2.0.beta2 **Description** Discourse is an open source community platform. In affected versions, any user can create a topic and add arbitrary custom fields to a topic. The severity of this issue depends on what plugins are installed and how the plugins use topic custom fields. For a default Discourse installation with the default plugins, this issue has no impact. **Recommendations** For versions prior to 3.1.1 on the stable branch, update to version 3.1.1. For versions prior to 3.2.0.beta2 on the beta branch, update to version 3.2.0.beta2. If an update is not possible, disable any plugins that access topic custom fields as a temporary workaround.

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to 3.1.1 Discourse versions prior to 3.2.0.beta2 **Description** Discourse is an open source platform for community discussion. User summaries are accessible for anonymous users even when `hide user profiles from public` is enabled. **Recommendations** For versions prior to 3.1.1, upgrade to version 3.1.1 or later. For versions prior to 3.2.0.beta2, upgrade to version 3.2.0.beta2 or later. As a temporary workaround, consider restricting access to user summaries for anonymous users until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to 3.1.1 stable Discourse versions prior to 3.2.0.beta2 **Description** Discourse is an open source platform for community discussion. Attackers with details specific to a poll in a topic can use the "/polls/grouped poll results" endpoint to view the content of options in the poll and the number of votes for groups of poll participants. This impacts private polls where the results were intended to only be viewable by authorized users. **Recommendations** For versions prior to 3.1.1 stable, upgrade to version 3.1.1 stable or later. For versions prior to 3.2.0.beta2, upgrade to version 3.2.0.beta2 or later. As a temporary workaround, consider restricting access to the "/polls/grouped poll results" endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to 3.1.1 Discourse version 3.2.0.beta1 and earlier in the `beta` and `tests-passed` branches **Description** Discourse is an open-source discussion platform. Importing a remote theme loads their assets into memory without enforcing limits for file size or number of files. **Recommendations** For versions prior to 3.1.1, update to version 3.1.1 or later. For version 3.2.0.beta1 and earlier in the `beta` and `tests-passed` branches, update to version 3.2.0.beta1 or later.

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to 3.1.1 Discourse version 3.2.0.beta1 and earlier in the `beta` and `tests-passed` branches **Description** A malicious user can create an unlimited number of drafts with very long draft keys, potentially exhausting server resources. **Recommendations** For versions prior to 3.1.1, update to version 3.1.1 or later. For version 3.2.0.beta1 and earlier in the `beta` and `tests-passed` branches, update to version 3.2.0.beta1 or later.

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to 3.1.1 Discourse version 3.2.0.beta1 and earlier in the `beta` and `tests-passed` branches **Description** A malicious user could add a 2FA or security key with a carefully crafted name to their account, causing a denial of service for other users. **Recommendations** For versions prior to 3.1.1, update to version 3.1.1 or later. For version 3.2.0.beta1 and earlier in the `beta` and `tests-passed` branches, update to version 3.2.0.beta1 or later.

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to 3.1.1 of the `stable` branch Discourse versions prior to 3.2.0.beta1 of the `beta` and `tests-passed` branches **Description** A malicious admin could create extremely large icons sprites, which would then be cached in each server process, potentially causing server processes to be killed and leading to downtime. This issue is a concern for multisite installations, but no action is required when admins are trusted. **Recommendations** For versions prior to 3.1.1 of the `stable` branch, update to version 3.1.1 or later. For versions prior to 3.2.0.beta1 of the `beta` and `tests-passed` branches, update to version 3.2.0.beta1 or later. As a temporary workaround, consider restricting the ability of admins to create large icons sprites until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. **Description** Discourse is an open source discussion platform. Information about restricted-visibility topic tags could be obtained by unauthorized users. **Recommendations** For versions prior to 3.0.6 of the `stable` branch, update to version 3.0.6 or later. For versions prior to 3.1.0.beta7 of the `beta` and `tests-passed` branches, update to version 3.1.0.beta7 or later.

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches **Description** A malicious user can prevent the defer queue from proceeding promptly on sites hosted in the same multisite installation. The issue affects Discourse, an open source discussion platform. Users of multisite configurations are at risk. **Recommendations** For Discourse versions prior to 3.0.6 of the `stable` branch, upgrade to version 3.0.6. For Discourse versions prior to 3.1.0.beta7 of the `beta` and `tests-passed` branches, upgrade to version 3.1.0.beta7.

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to 3.0.6 of the `stable` branch Discourse versions prior to 3.1.0.beta7 of the `beta` and `tests-passed` branches **Description** Discourse is an open source discussion platform. A malicious user can edit a post in a topic and cause a Denial of Service (DoS) with a carefully crafted edit reason. **Recommendations** For versions prior to 3.0.6 of the `stable` branch, update to version 3.0.6 or later. For versions prior to 3.1.0.beta7 of the `beta` and `tests-passed` branches, update to version 3.1.0.beta7 or later.

**Name of the Vulnerable Software and Affected Versions** Discourse versions prior to 3.0.6 of the `stable` branch Discourse versions prior to 3.1.0.beta7 of the `beta` and `tests-passed` branches **Description** Discourse is an open source discussion platform. The issue allows more users than permitted to be created from invite links. As a workaround, use restrict to email address invites. **Recommendations** For versions prior to 3.0.6 of the `stable` branch, update to version 3.0.6 or later. For versions prior to 3.1.0.beta7 of the `beta` and `tests-passed` branches, update to version 3.1.0.beta7 or later. As a temporary workaround, consider restricting invite links to email address invites until a patch is available.